HOTEL BUSINESS REVIEW
DECEMBER FOCUS: Hotel Law

Cybersecurity Checklist : 12 Security Risks Hotels Must Address

By Mark Melodia Partner - Data Strategy, Security & Privacy, Holland & Knight | December 2019

This article was co-authored by Mark Francis, Partner - Data Strategy, Security & Privacy, Holland & Knight

In April 2019, Symantec reported that nearly 70% of hotel websites Many of the leaks were attributable to third-party tools and plugins running on the websites.

Vendor Breaches

In June 2019, CPO magazine reported that a third-party data breach was to blame for major hotel chains.

In August 2019, a hotel vendor left a customer database exposed and information relating to 700,000 guests was stolen.

The hospitality sector is not subject to only the above "garden variety" cyber attacks; some forms of attacks are more tailored to this industry. For example, criminals have used cyber attacks to circumvent keycard locks and break into hotel rooms-long crime sprees Despite efforts to address such issues in recent years, security researchers demonstrated again in April 2018 how a one-minute attack

The common theme in many, if not most, cyber attacks is the involvement of a vendor. This is not particularly surprising given that most businesses now rely heavily on third-party service providers. Virtually every regulator and industry standards organization has therefore called out vendors as a key security risk that needs to be addressed by organizations.

Cybersecurity as a Risk Management Function

Cyber attacks present various forms of business exposure, such as losing customers, reputational harm, and loss of trade secrets. But they are also associated with legal exposure, including B2B liability, class actions and government investigations. The risk spectrum continues to evolve, with more recent exposure stemming from whistleblower claims regarding poor cyber practices, as well as shareholder derivative suits and securities class actions. Like many other sectors, the cybersecurity challenges faced by the hospitality industry represent a growing percentage of enterprise risk, and therefore cybersecurity is ultimately about risk mitigation.

This risk can certainly be mitigated through a variety of technical safeguards (like firewalls and antivirus), administrative safeguards (like employee policies) and physical safeguards (like CCTV and secured facilities). But identified risk can also be managed and mitigated by shifting or transferring risk through contractual obligations and insurance. This is particularly true in the context of vendor relationships.

Vendor Risk Management

As a starting point, vendor relationships can be managed through a risk management program with the following elements, which may also be viewed as a vendor lifecycle:

Planning/Governance: The foundation of a vendor program includes a determination on who will supervise vendors, setting baseline vendor security requirements, maintaining an inventory of vendors, and understanding the risks associated with each vendor (i.e., what data or systems will they have access to).
Due Diligence: Onboarding a new vendor typically includes an assessment of their security posture (through questionnaire responses or reviewing their internal security documentation), determining how and under what circumstances they will handle personal information or other sensitive data, and identifying whether they have any material subcontractors.
Contracts: Addressed below in detail, contracts not only establish binding security requirements that reduce cyber risks, but also allocate risk between the parties in the event something goes wrong.
Monitoring: Companies need to periodically ensure compliance with contractual security commitments, particularly with respect to vendors with access to sensitive data or systems.
Termination: At all times, starting at the outset of a new relationship and during contracting, companies should have a viable exit strategy for vendors who provide critical services and contemplate breach of contract scenarios, bankruptcy or other disruptive events.

Vendor Contracts: The Cybersecurity Checklist

Here is a checklist of cyber-related considerations to address in contracts for vendor relationships that present security risks, as well as related data privacy and ownership considerations.

1. Security

Security provisions are not a one-size-fits-all in contracts. At a minimum, any vendor who (i) receives sensitive data or (ii) gets access to an organization's systems should be required to preserve the confidentiality, integrity and availability of company's confidential information with commercially reasonable administrative, technical and physical safeguards. Many agreements include a requirement to conform "with generally recognized best practices and industry standards" but there is no clear interpretation of this phrase, so companies may often want to consider including more specific security requirements or, alternatively, mandate compliance with particular legal regulations or industry standards. These requirements should be auditable in some fashion, as described below.

2. Applicable Laws and Regulatory Requirements

Contracts frequently impose compliance with regulatory requirements on vendors, although they may be unclear as to what circumstances actually require such compliance. Such "catch-all" provisions should be clarified where possible to limit unnecessary burdens in view of the data that will actually be exchanged pursuant to the agreement. For example, reference to specific healthcare or financial services laws is sensible when the information they cover is within the scope of contracted services. In addition, particular addition may be needed for evolving privacy and security laws with specific requirements for service providers, including the California Consumer Privacy Act (CCPA) and the New York Stop Hacks and Improve Electronic Data Security Act (SHIELD Act).

3. Data Privacy

Contracts that involve the exchange of personal information (such as employee or customer data) should call out whether specific requirements apply to the handling or use of the information. The vendor may need to comply with the company's public privacy policy or specific regulatory requirements or commitments. Where the vendor wants to use the information for other purposes, there may be room for compromise, such as permitting the receiving party to sufficiently anonymize the information and use the aggregated data outside the scope of the contract, such as for analytics purposes.

4. Data Ownership/Licensing

Many agreements that address intellectual property rights and data security are less clear about ownership of data, particularly data created pursuant to the agreement, which might reflect contributions by both parties. Any contract involving the exchange or use of data should specify who owns what data. In many instances the data owner will give the counter party a license to use the data, either for the life of the contract or potentially in perpetuity. The provision should indicate whether the licensee's data use is limited to fulfilling purpose of the contract or if data can be used for other purposes. Ownership and license rights for personal information requires particular attention because it impacts privacy obligations, consumer commitments, and legal obligations (such as under the CCPA).

5. Data Breach and Notice Procedures

A vendor should be required to provide prompt notice in the event of a breach, and notice provisions may include a specific timeframe for disclosure. An organization must be mindful that its own notification obligations may be triggered in the event of a vendor breach, and it often cannot afford delays in notification on the part of a vendor. Vendor cooperation in any breach investigation and notice to law enforcement, regulators, and affected individuals is also important.

6. Audit Rights

Ongoing monitoring is increasingly necessary in vendor risk management, but it can take many forms, including onsite visits, annual questionnaires, or periodic third-party compliance or certification reports (e.g., SOC 2, Type II). But organizations with dozens or hundreds of vendors should be mindful of the fact that they cannot realistically conduct intense audits of all their vendors on a regular basis and should therefore (i) focus on vendors that present the most risk, and (ii) ensure that audit provisions are practical and achievable. Audit provisions often permit an audit each year or after an adverse event (e.g., data breach or discovery of noncompliance with security obligations).

7. Liability and Indemnity

There is often no issue as contentious in current contracting as the allocation of liability and indemnity obligations for cybersecurity and data privacy issues. Negotiation leverage ultimately plays a large role in resolving liability and indemnity terms, but they should be carefully assessed so an organization understands its risk exposure. In more balanced negotiations, risk allocation is often commensurate with, or based off a multiple of, the deal value.

8. Cyber Insurance

Cyber insurance is increasingly required in deals as a backstop for the vendor's liability and indemnity obligations. It is particularly important with smaller vendors who may be unable to independently cover obligations. However, vendor policies may have sub-limits and exclusions for particular forms of exposure, and may be needed in an incident to cover other vendor customers, so companies evaluating the risk in a vendor relationship should recognize that the insurance limit referenced in a contract does not guarantee that same amount will be available in all instances.

9. Subcontractors

Security and privacy obligations should be required to contractually flow down to subcontractors in material respects, particularly where such subcontractors will have the same level of access to company data or systems. For highly sensitive services, subcontractors may even be subject to approval of the company.

10. Cross-Border Transfers

More than ever before, contracts need to be clear on where data can be processed or stored. For example, personal information that is processed or stored in the EU can subject the data-and by extension its owner-to the EU's General Data Protection Regulation (GDPR), even if it pertains to non-EU residents. There are also risks in permitting sensitive data to be accessed overseas in jurisdictions where it will be difficult or impractical to pursue violations of the contract (such as theft of data or intellectual property).

11. Termination and Data Format

An organization should ensure it has a right to collect all of its data maintained by the vendor and identify a specific data format that will be compatible with other systems. In the event of a breach of contract or termination, the relationship may have soured and a clear contractual obligation to transfer data in a usable format may be crucial to ongoing business activities that rely on the data. There have been recent instances of "data hostage taking" where disputes result in a vendor holding data in return for invoices due or other payments.

12. Preparing for Change

One final point that should be considered is how the organization and vendor will collaborate to update their negotiated terms and address new risks if the documented security requirements are no longer sufficient. There have been a number of vendor data breaches due to outdated practices that vendors continued to adhere to because that was what the contract specified.

Negotiating Through Conflicts

Above all else, contract conflicts are subject to the respective negotiation leverage of each party (i.e., who needs who more). That said, there are generally workable solutions to many initial conflicts on terms. Companies should be pragmatic about capabilities, compliance needs, and the "cost" of concessions. It is often helpful to be proactive around risk issues, such as by establishing internal security baselines, template requirements aligned with legal obligations and service needs, and a risk tolerance posture.

In lieu of, and in addition to, solving for risk through contractual obligations, it is important to leverage other means to reduce exposure, such as considering the company's own cyber insurance, restricting the amount of data sharing and systems access given to third parties as much as possible, and adopting policies and technical safeguards that can supplement the vendor's own practices.

For example, in some instances vendors can perform services within a segregated system environment maintained by the company, so the data remains within the company's control rather than be accessed or hosted on a vendor's own systems.

With attention to the checklist items and considerations above, the risks associated with vendors can be managed both individually and collectively to best protect the company's cyber risk profile.

Terms & Conditions

The following are terms of a legal agreement ("Agreement") between you and HotelExecutive. By accessing, browsing and/or otherwise using this web site, HotelExecutive, you acknowledge that you have read, understood and agreed to be bound by these terms and conditions, and to comply with all applicable laws and regulations, including U.S. export and re-export control laws and regulations. If you do not agree to all of these terms and conditions, you may not access, browse and/or use HotelExecutive. The material provided on HotelExecutive is protected by law, including, but not limited to, United States copyright law and international treaties.

These terms of access apply to your access to and use of HotelExecutive and do not alter in any way the terms and conditions of any other agreement you may have with HotelExecutive for products, software, services or otherwise, unless otherwise directed by HotelExecutive. If you breach any of these terms and conditions, your authorization to use HotelExecutive automatically terminates and you must immediately destroy any downloaded or printed materials and discontinue use of any hyperlinks to HotelExecutive.

1. USE RESTRICTIONS

Copyright. All Site materials, including, without limitation, text, pictures, graphics and other files and the selection and arrangement thereof are copyrighted materials of HotelExecutive © 1996-2016, ALL RIGHTS RESERVED, or by the original creator of the material. Permission is granted to display and use the materials on HotelExecutive for private individual, educational and noncommercial use only, provided you do not modify the materials and that you retain all copyright and other proprietary notices contained in the materials. You may not, however, distribute, copy, reproduce, display, republish, download, or transmit any material on HotelExecutive for commercial use without prior written approval from HotelExecutive. You may not "mirror" any material contained on HotelExecutive on any other server without prior written permission from HotelExecutive. Any unauthorized use of any material contained on HotelExecutive may violate copyright laws, trademark laws, the laws of privacy and publicity and communications regulations and statutes.

Trademarks

The trademarks, service marks, trade names and logos (the "Trademarks") used and displayed on HotelExecutive are registered and unregistered Trademarks of HotelExecutive. In addition, all page headers, custom graphics, icons and scripts are service marks, trademarks and/or trade dress of HotelExecutive, and may not be copied, imitated or used, in whole or in part, without the prior written permission of HotelExecutive. You acknowledge that the Trademarks used and displayed on HotelExecutive are and shall remain the sole property of HotelExecutive or the Trademark owner. Nothing in this Agreement shall confer any right of ownership of any of the Trademarks in you. Further, nothing in HotelExecutive shall be construed as granting, by implication, estoppel or otherwise any license or right to use any Trademark used or displayed on HotelExecutive, without the express written permission of HotelExecutive or the Trademark owner. The misuse of the trademarks displayed on HotelExecutive, or any other Content on HotelExecutive, is strictly prohibited.

Hyperlinks

You are granted a limited, nonexclusive right to create a hypertext link to HotelExecutive provided that such link is to the entry page of HotelExecutive and does not portray HotelExecutive or any of its products or services in a false, misleading, derogatory, or otherwise defamatory manner. This limited right may be revoked at any time for any reason whatsoever. You may not use framing techniques to enclose any Company trademark, logo or trade name or other proprietary information including the images found at HotelExecutive, the Content of any text or the layout/design of any page or any form contained on a page without HotelExecutive's express written consent. Links to third party sites on HotelExecutive are provided solely as convenience to you. If you use these links, you will leave HotelExecutive. HotelExecutive has not reviewed all of these third party sites and does not control and is not responsible for any of these sites, their Content or their policies, including, without limitation, privacy policies or lack thereof. HotelExecutive does not endorse or make any representations about third party sites or any information, software or other products or materials found there, or any results that may be obtained from using them. If you decide to access any of the third party sites linked to HotelExecutive, you do so entirely at your own risk. You acknowledge and agree that HotelExecutive shall not be responsible or liable, directly or indirectly, for any damage or loss caused or alleged to be caused by, or in connection with the use of or reliance on any such third party sites.

Downloadable Materials

Any software, including codes or other materials that are made available to download from HotelExecutive, is the copyrighted work of HotelExecutive and/or its suppliers and affiliates. If you download software from HotelExecutive, use of the software is subject to the license terms in the software license agreement that accompanies or is provided with the software. You may not download or install the software until you have read and accepted the terms of the applicable software license agreement. Without limiting the foregoing, copying or reproduction of the software to any other server or location for further reproduction or redistribution is expressly prohibited unless otherwise provided for in the applicable software license agreement in the case of software, or the express written consent of HotelExecutive in the case of codes or other downloadable materials.

Limited Access

Except as otherwise expressly permitted by HotelExecutive, any access or attempt to access other areas of HotelExecutive computer system or other information contained on the system for any purposes is strictly prohibited. You agree that you will not use any robot, spider, other automatic device, or manual process to "screen scrape," monitor, "mine," or copy the Web pages on HotelExecutive or the Content contained therein without HotelExecutive's prior, express, and written permission. You will not spam or send unsolicited e-mail to any other user of HotelExecutive for any reason. You agree that you will not use any device, software or routine to interfere or attempt to interfere with the proper working of HotelExecutive. You agree that you will not take any action that imposes an unreasonable or disproportionately large load on HotelExecutive's infrastructure.

Additional Use Restrictions

You shall not post, transmit, e-mail, re-transmit or store material on or through any of the services provided by HotelExecutive (the "Services") which, in the sole judgment of HotelExecutive: (i) is in violation of any local, state, federal or non-United States law or regulation, (ii) is threatening, obscene, indecent, defamatory or that otherwise could adversely affect any individual, group or entity (collectively, "Persons") or (iii) violates the rights of any person, including rights protected by copyright, trade secret, patent or other intellectual property or similar laws or regulations including, but not limited to, the installation or distribution of "pirated" or other unauthorized photos or software products that are not appropriately licensed for use by you. You shall be responsible for determining what laws or regulations are applicable to its use of the Services. In addition, you may only use the Services in a manner that, in HotelExecutive's sole judgment, is consistent with the purposes of such Services. If you are unsure of whether any contemplated use or action is permitted, please contact HotelExecutive at editor@HotelExecutive By way of example, and not limitation, the following uses described below of the Services are expressly prohibited:

A. upload, post, e-mail or otherwise transmit any information, data, text, software, music, sound, photographs, graphics, video, messages or other materials (collectively, "Content") that is unlawful, harmful, threatening, abusive, harassing, tortious, defamatory, vulgar, obscene, libelous, invasive of another's privacy, hateful, sexually intolerant or racially, ethnically or otherwise objectionable;

B. impersonate any person or entity, including, but not limited to, a Company official, forum leader, guide or host, or falsely state or otherwise misrepresent your affiliation with a person or entity;

C. forge headers or otherwise manipulate identifiers in order to disguise the origin of any Content transmitted through the Services or develop restricted or password-only access pages, or hidden pages or images (those not linked to from another accessible page);

D. upload, post, e-mail or otherwise transmit any Content that you do not have a right to transmit under any law or under contractual or fiduciary relationships such as inside information, proprietary and confidential information learned or disclosed as part of employment relationships or under nondisclosure agreements;

E. upload, post, e-mail or otherwise transmit any Content that infringes any patent, trademark, trade secret, copyright or other proprietary rights of any party;

F. upload, post, e-mail or otherwise transmit any unsolicited or unauthorized advertising, promotional materials, "junk mail," "spam," "chain letters," "pyramid schemes" or any other form of solicitation;

G. upload, post, e-mail or otherwise transmit any material that contains software viruses, worms or any other computer code, files or programs designed to interrupt, destroy or limit the functionality of any computer software or hardware or telecommunications equipment;

H. interfere with or disrupt the Services or servers or networks connected to the Services, or disobey any requirements, procedures, policies or regulations of networks connected to the Services;

I. intentionally or unintentionally violate any applicable local, state, national or international law, including, but not limited to, regulations promulgated by the U.S. Securities and Exchange Commission, any rules of any national or other securities exchange, including, without limitation, the New York Stock Exchange, the American Stock Exchange or the NASDAQ, and any regulations having the force of law;

J. 'stalk' or otherwise harass another user of HotelExecutive or Company employee or official;

K. promote or provide instructional information about illegal activities, promote physical harm or injury against any group or individual, or promote any act of cruelty to animals. This may include, but is not limited to, providing instructions on how to assemble bombs, grenades and other weapons, and creating "Crush" sites; and

L. effecting security breaches or disruptions of Internet communication. Security breaches include, but are not limited to, accessing data of which you are not an intended recipient or logging into a server or account that you are not expressly authorized to access.

M. advertising to, or soliciting any user of HotelExecutive to buy or sell any products or services through the unauthorized or impermissible use of the Services. You may not transmit any junk email or chain letters to other users. If you breach this Agreement and send unsolicited bulk email, instant messages or other unauthorized commercial communications of any kind through the Services, you acknowledge that you will have caused substantial harm to HotelExecutive, but that the amount of such harm would be extremely difficult to ascertain. As a reasonable estimation of such harm, you agree to pay HotelExecutive $500 for each such unsolicited email or other unauthorized commercial communication you send to each user through the Services.

2. DISCLAIMER WARRANTY

HotelExecutive, including all software, functions, materials, and information is provided "as is" without warranties of any kind, either express or implied. HotelExecutive disclaims all warranties, express or implied, including, but not limited to, warranties of non-infringement and implied warranties of merchantability, fitness for a particular purpose, non-infringement, title, merchantability of computer programs, data accuracy, system integration, and informational Content. HotelExecutive does not warrant or make any representations regarding the operation of HotelExecutive, the use, validity, accuracy or reliability of, or the results of the use of the materials on HotelExecutive or any other sites linked to HotelExecutive. The materials of HotelExecutive may be out of date, and HotelExecutive makes no commitment to update the materials at HotelExecutive. HotelExecutive does not and cannot guarantee or warrant that the files available for downloading from HotelExecutive, if any, will be free from infection, viruses, worms, Trojan horses, or other code that manifest contaminating or destructive properties. HotelExecutive does not warrant that HotelExecutive, software, materials, products, or services will be uninterrupted or error-free or that any defects in HotelExecutive, software, materials, products, or services will be corrected.

3. LIMITATION OF LIABILITY

In no event will HotelExecutive, its suppliers or other third parties mentioned at or in HotelExecutive be liable for any damages, including, without limitation direct, indirect, special, incidental, or consequential damages, damages resulting from lost profits, lost data or business interruption arising out of relating to the use, inability to use, or resulting from the use of HotelExecutive, any web sites linked to HotelExecutive, the materials, software or other information contained in any or all such sites, whether based on warranty, contracts, statutes, regulations, tort (including but not limited to, negligence) or any other legal theory and whether or not advised of the possibility of such damages. If your use of the materials or information from HotelExecutive results in the need for servicing, repair or correction of equipment or data, you assume all costs thereof.

4. REVISIONS TO THIS AGREEMENT

HotelExecutive may revise this Agreement at any time without notice by updating this posting. By using HotelExecutive you agree to be bound by any such revisions and should therefore periodically visit HotelExecutive and page to determine the then current Terms of Access and Use conditions of use to which you are bound.

5. TRANSMISSIONS

Any idea you transmit to or post on HotelExecutive by any means will be treated as non-confidential and non-proprietary and may be disseminated or used by HotelExecutive or its affiliates for any purpose whatsoever, including, but not limited to, developing and marketing products. You are prohibited from posting or transmitting to or from HotelExecutive any unlawful, threatening, libelous, defamatory, obscene, scandalous, inflammatory, pornographic, profane material or any other material, including but not limited to any material that could give rise to any civil or criminal liability under both domestic and international law.

6. YOUR WARRANTIES

You warrant to HotelExecutive that:

You are the sole owner of all rights in the materials posted or uploaded by you (including all related copyrights) or that you have the absolute right to license their use as provided in this section. While you will retain ownership of the copyright in the materials posted or uploaded by you, you agree that all materials posted or uploaded by you shall become part of a database, and that HotelExecutive will own the compilation copyright in that database. In addition, you hereby grant HotelExecutive a perpetual, worldwide, irrevocable license to use, reproduce, modify, publish, publicly perform, publically display and distribute such materials, and portions of such materials and any derivative works created from such materials, in print, electronic and other media, by any means now known or developed in the future. We may sublicense all of our rights and licenses or assign them to third parties. Neither HotelExecutive nor any third party using the materials in accordance with this section will be obligated to pay you any royalties or other compensation for use of the materials.

You will comply with these Terms of Access and Use including, without limitation, the USE RESTRICTIONS set out in Section 3 above;

You agree to indemnify and hold HotelExecutive harmless from any claim or damages (including any legal fees in relation to same) made by a third party in respect of any matter in relation to or arising from your use and/or membership arising from any breach or suspected breach of these Terms of Access and Use by you or your violation of any law or the rights of any third party.

7. ACTIONS WE MAY TAKE AT OUR SOLE DISCRETION

HotelExecutive may take any or all of the following actions at our sole discretion:

Remove any member profile (including photographs) or other material that, in our sole discretion may be inappropriate or we suspect to be illegal, subject us to liability or which may violate these Terms of Access and Use or where required to do so by law;

Issue members with verbal or written warnings and may take such further action as we deem appropriate if such warnings are not heeded;

Suspend or terminate a member's access to the members's area of HotelExecutive or a member's account without notice at any time;

Inform the appropriate authorities and provide them with information regarding any suspected illegal activity; or bring legal action against a member or other user of HotelExecutive in relation to any breach of these Terms of Access and Use or any illegal or suspected illegal activity.

8. GOOD SAMARITAN CONTENT AND COMPLAINT PROCEDURES POLICY

A. Policy

We have provided opportunities for you to contribute Content to our Site. It is our policy, however, not to allow any Content which may constitute intellectual property infringement; violations of federal, state, or local law; obscene or defamatory material, or may otherwise be unacceptable or inappropriate. Upon learning of such Content, we will attempt, and you hereby give HotelExecutive the right, to delete, edit, remove, disable, change, or restrict access to or the availability of the Content, which in our sole discretion, is otherwise unacceptable or objectionable. We may or may not notify you about what action we take with respect to the disputed Content. The provisions of this section are intended to implement this policy but are not in any way intended to impose a contractual obligation upon us to undertake, or refrain from undertaking, any particular course of conduct.

B. Complaint Procedures

If you believe that another user or other third party has posted Content which violates this policy or specifically the USE RESTRICTIONS in Section 3 above, you may notify HotelExecutive via e-mail at editor@HotelExecutive . In order to allow HotelExecutive to respond effectively, please provide HotelExecutive with as much information as possible in your correspondence, including: (1) the nature of the right infringed or violated (including any applicable registration numbers of the federally-registered intellectual property allegedly infringed), if applicable, or the unacceptable or inappropriate Content; (2) all facts which lead you to believe that a right has been violated or infringed, if applicable; (3) the precise location where the offending Content is located; (4) any grounds to believe that the party or user which posted the Content was not authorized to do so or did not have a valid defense (including the defense of fair use), if applicable; (5) if known, the identity of the party or user who posted the infringing, offending, or inappropriate Content; and (6) in the case of alleged copyright infringement claims, information sufficient to identify the work and your claims to ownership.

C. Indemnification/Waiver of Certain Rights

By contacting HotelExecutive and complaining of an alleged violation, you agree that the substance of your complaint shall constitute a representation made under the pains and penalties of perjury pursuant to the laws of the State of California. In addition, you agree, at your own expense, to defend and indemnify HotelExecutive and hold HotelExecutive harmless against all claims which may be asserted against HotelExecutive, and all losses incurred, as a result of your complaint and/or our response to it.

D. Waiver of Claims and Remedies

We expect all users of our Site to take responsibility for their own actions and cannot and do not assume liability for any acts of third parties which take place at our Site. By utilizing the Good Samaritan procedures set forth herein, you waive any and all claims or remedies which you might otherwise be able to assert against hotelexecutive under any theory of law (including, but not limited to, intellectual property laws) that arise out of or relate in any way to the content at hotelexecutive or our response, or failure to respond, to a complaint.

E. Investigation/Liability Limitation

You agree that we have the right, but not the obligation, to investigate any complaint received. By reserving this right, we do not undertake any responsibility in fact to investigate complaints or to remove, edit, disable or restrict access to or the availability of Content. We will not act on complaints that we believe, in our sole discretion, to be deficient, incomplete, or otherwise questionable. If you believe that Content remains on HotelExecutive which violates your rights, Your sole and exclusive remedy shall be against the user or other party responsible for said content, not against HotelExecutive. your sole and exclusive remedy against HotelExecutive shall be to terminate your use of HotelExecutive and service.

Digital Millennium Copyright Act Compliance. As set forth in Subsection (b), you must contact our agent if you believe that a work protected by a U.S. Copyright which you own has been posted on our Site without authorization or that our Site, in some material way, contributes to its infringement. It is our policy in appropriate circumstances, if possible, to terminate the access rights of repeat infringers and other users who use HotelExecutive in an inappropriate or objectionable manner.

9. COOPERATION WITH LAW ENFORCEMENT

HotelExecutive reserves the right to fully cooperate with any law enforcement authorities or court order requesting or directing HotelExecutive to disclose the identity or other information regarding any user or member alleged by any governmental entity to be using HotelExecutive or any Content or materials available in, at, through or in association with HotelExecutive in violation of any law or regulation, or in violation of this Agreement, including, without limitation, the posting of e-mail messages, or publishing or otherwise making available any such materials. By accepting this agreement you waive and hold harmless HotelExecutive from any claims resulting from any action by HotelExecutive during, or as a result of, its investigations, and from any actions taken as a consequence of investigations by either HotelExecutive or law enforcement authorities

10. APPLICABLE LAWS, VENUE, JURISDICTION & MANDATORY ARBITRATION

If any provision(s) of this Agreement is held by a court of competent jurisdiction to be contrary to law, then such provision(s) shall be construed, as nearly as possible, to reflect the intentions of the parties with the other provisions remaining in full force and effect. HotelExecutive's failure to exercise or enforce any right or provision of this Agreement shall not constitute a waiver of such right or provision unless acknowledged and agreed to by HotelExecutive in writing. The section titles in this Agreement are solely used for the convenience of the parties and have no legal or contractual significance. This Agreement may be assigned in whole or in part by HotelExecutive. This Agreement may not be assigned in any manner by you without the express, prior written permission of HotelExecutive.

Any and all disputes or controversies of any kind, including but not limited to any performance, duty, obligation or liability arising under or related to this Agreement which are not first resolved informally, shall be determined by binding arbitration in San Francisco, California, in accordance with the rules of the American Arbitration Association. The final award in any such arbitration proceeding shall be subject to entry as a judgment by any court or competent jurisdiction, provided that such judgment does not conflict with the terms and provisions hereof. The jurisdiction of the arbiter (or arbiters) with respect to legal matters shall be limited only by the statutory and common law of the State of California and the United States.

Notwithstanding the foregoing, any and all disputes, which the parties cannot informally resolve, regarding the scope of issues or matter with the jurisdiction of the arbitrator, shall be resolved by a separate dispute resolution process whereby HotelExecutive, in its sole discretion shall elect the dispute to be resolved by either (1) a court of competent jurisdiction in the State of California or (2) a panel of three new arbitrators.

This Agreement shall be governed by and construed in accordance with the laws of the State of California notwithstanding any conflict of laws provisions. You and HotelExecutive agree that the venue for all legal disputes, controversies, actions of any kind arising under or related to this Agreement shall be San Francisco, California. You and HotelExecutive further agree that in case of any litigation regarding this Agreement, you irrevocably and unconditionally (i) consent to submit to the exclusive jurisdiction of the state and federal courts in the County of San Francisco, California for any litigation or dispute arising out of or relating to this Agreement, (ii) agree not to commence any litigation arising out of or relating to this Agreement except in the California Courts, (iii) agree not to plead or claim that such litigation brought therein has been brought in an inconvenient forum, and (iv) agree the California Courts represent the exclusive jurisdiction for all litigation relating to this Agreement.

11. MEMBERSHIP FEES

Hotel Business Review Subscriptions

If you choose to purchase a subscription, member subscription payments can be made in U.S. Dollars, as well as a variety of international currencies. Membership terms are Annual Recurring, and Monthly Recurring. The Annual Recurring subscription is an annual commitment and subscribers will be charged each consecutive billing cycle. Annual Recurring subscriptions can be cancelled after the first billing cycle and within 30-days of the billing date for a full refund. Monthly Recurring subscriptions are ongoing and subscribers will be charged each consecutive monthly billing cycle. Monthly Recurring subscriptions can be cancelled after the first month and within 7 days of the monthly billing cycle for a full refund.

12. PAYMENT AUTHORIZATION

Payment for the services provided to you in, at, through or in association with HotelExecutive may be made by automatic credit card, debit card, direct debit, bankwire or Paypal and other approved payment means offered in, at, through or in association with HotelExecutive, and you hereby authorize HotelExecutive and its agents to transact such payments on your behalf.

You hereby authorize HotelExecutive's Internet Payment Service Provider to charge your credit card to pay for your membership to HotelExecutive. You further authorize HotelExecutive's Internet Payment Service Provider to charge your credit card for any and all purchases of products, services in association with HotelExecutive. You agree to be personally liable for all charges incurred by you in association with your access or other use of any content provided by HotelExecutive or any third party in association with HotelExecutive. You acknowledge and agree that your liability for all such charges shall continue after termination of your access or any type of membership arrangement with HotelExecutive.

In the event that you have chosen to have your membership automatically rebilled, unless and until you notify HotelExecutive that you wish to cancel or terminate your membership to HotelExecutive, you hereby agree and authorize HotelExecutive's Internet Payment Service Provider to automatically renew your membership to HotelExecutive on a continuing basis and to charge your credit card (or other payment means you have selected) to pay for the ongoing cost of your membership. You hereby further authorize HotelExecutive's Internet Payment Service Provider to charge your credit card (or other approved payment means you have selected) for any and all purchases of products, services and entertainment provided to in, at, through or in association with HotelExecutive.

13. PRIVACY POLICY

The following is the Privacy Policy for HotelExecutive

We can be reached via telephone, email, or online at our contact page. When you visit our site we do not log any information regarding your domain or email address. Information Sharing: We do not share user information with any third parties other than via press release distribution as described below.

Hotel Newswire is a newswire service that distributes press releases on behalf of our users. If you decide to submit a press release for distribution through our system we will transmit your entire press release including any personal information therein contained to our media contacts and online distribution points including search engines. This is the only redistribution of your information that we engage in. Your submission of press releases through our system indicates consent with this policy. The information we collect during your registration process is used to notify users about updates to our service and inform users of any special events hosted by Hotel Newswire. This information is not shared with other organizations for commercial or non-commercial purposes.

Cookies: Our system requires the use of cookies to enable the user to log back into our website to access information from the newswire, without having to log in each time using the required username and password.

If you do not want to receive email from us in the future, please let us know by following instructions included in our communication with you. Users who supply us with telephone numbers online may receive telephone contact from us regarding their account, or informing them of new products and services available on the HotelExecutive website. If you do not wish to receive such telephone calls, please edit your account and remove your phone number from your account profile. This can be done from your user account menu.

Ad Servers: We do not partner with or have any relationship with any ad server companies. From time to time, we may use customer information for new uses not previously disclosed in our privacy notice. If our information practices change at any time, we will post the policy changes to our website to notify you of these changes and provide you with the ability to opt out of these new uses. If you are concerned about how your information is used, you should check back at our website periodically.

Upon request we provide site visitors with access to all information (including proprietary information) that we maintain about them. Users can access this information by logging in to their account.

Security: We always use industry-standard encryption technologies while transferring and receiving user data exchanged with our site. We have appropriate security measures in place in our physical facilities to protect against the loss, misuse, or alteration of information that we have collected from you on our site. We do not store credit card information in our systems.

If you feel that this site is not following its stated information policy, you may contact us.

Receive our Newsletter

How Can Budget Hotels Adapt to Sustainability at Their Own Scale?

By Andy De Silva, Co-Founder & CEO, Hotel Emporium

Hilton. This is a name that over time has become synonymous with sustainability in the hospitality space, which is no surprise considering the number of changes and initiatives they’ve taken to make a positive impact on the environment. According to Business Traveller, the hotel giant has committed to cutting the emissions intensity of Hilton-managed hotels by 75% and Hilton-franchised hotels by 56%, not to mention the reduction of water and waste by 50%, all by 2030. We’ve also seen strong efforts made by Marriott International (the sourcing of local food, the goal to reduce its water consumption by...

The Longevity Shift: Opportunities and Challenges for Hotels

By Roger Allen, Group CEO, RLA Global

Adopting new lifestyle habits to boost longevity is gaining popularity, and consumers seeking to live a longer healthy life tend to be much better informed about their available opportunities today than ever before. The goal is not simply to live longer, but to stay healthy longer. Healthspan, or the period of life spent without chronic or acute illnesses, is more important than actual lifespan. Most hotels are aware of this change. Big hospitality brands often associate longevity with high-end medical services and high-tech anti-aging technologies – and many have partnered with such providers – but a longevity service...

Cocktail Menu on The Rocks? Here's How to Revamp and Refresh

By Robert Midyette, Vice President of Food & Beverage, Live! Casino & Hotel Maryland

When you visit a bar or restaurant for the first time, you never know what you’ll take away from the experience. When my parents took a cruise in the 1980s, they returned home gushing that it was one of their most memorable vacations. They recounted many things they enjoyed, from the delicious food and excellent service to the unique presentation of their towels folded into animals every day. It wasn’t until three decades later that I learned one of the most minor experiences, one never previously expressed, also left a lasting impression: the butter service. Thirty...

Serving Success: Professional Association Trends

By Justin Taillon, Full Professor & Department Head, Highline College's Hospitality & Tourism Mgt

I was ecstatic to begin my career as a Front Office Manager with a major hotel company after I completed my bachelor's degree. Approximately 6-9 months post-graduation I became antsy. My work was going well but I was not advancing myself in a way I was accustomed to. I was no longer writing papers, taking exams, or otherwise being assessed weekly in ways I had become accustomed to. I began searching for outlets to continue this type of growth.I found that there were many avenues available for lifelong learning. I was able to cross-train through my employer, read industry periodicals,...

Wellness Real Estate Valuation and Finance

By Mia A. Mackman, President & Owner, Mackman ES

As the wellness real estate market continues to accelerate, it seems increasingly clear that wellness and sustainable asset types will become a new class of properties in the market. Whereas these developments have been underway for a while, these assets often have distinct property features that require reconsidering the wide and general framework of conventional financing, valuation methodologies, CAP rate averages, and WACC factors. This article describes an outlook for this new asset class to help identify and unlock wellness and sustainability in hospitality finance. Traditional Property Developments Hotel and resort property types vary widely. It is...

The Blame Game: When Marketing Blames Revenue Management and Vice Versa

By Connor Vanderholm, CEO, Topline Revenue LLC

Picture this: Marketing campaigns are in full swing, beautifully crafted, and meticulously executed to entice guests. Meanwhile, the revenue management team is diligently fine-tuning pricing strategies to optimize profits. Peaceful and cohesive like a Paula Detlefsen painting. That is until occupancy rates falter or revenues don't meet expectations, then the fingers begin to point."Our marketing efforts are flawless; it's revenue management's pricing strategies that aren't effective!" claim the marketers."Nonsense! Our pricing strategies are on point; it's the marketing campaigns that fail to attract the right audience!" retaliate the revenue managers.The blame game ensues, often escalating tensions and fostering a culture...

The Impact of Technology Trends on Transforming the Hospitality Industry

By Ahmed Mahmoud, Founder, revenueyourhotel.com

Every year, new technology emerges and dies. hotels either adopt them and thrive, or are left behind by their competitors, but technology doesn't stop for anyone. Just like the hotel industry. In 2024, the hotel industry stands on the brink of a technological revolution where emerging technologies are not just enhancing the guest experience but are also streamlining operations, offering personalized services, and redefining the very essence of hospitality. What Is Hospitality Technology and Why Is It Important? The hospitality industry is one of the most technology-dependent industries. Without information technology, managing the day-to-day operations of hotels,...

Unplugging in the Digital Age: the Revolution of Automated Massage Technology

By Brynn Scarborough, President & Chief Executive Officer, WellnessJK

We are dominated by the relentless surge of advanced technology, where constant notifications flood our phone and computer screens, and digital demands invade every aspect of our personal lives, and the search for authentic, quiet opportunities to disconnect has become an ongoing pursuit. Amidst this constant digital barrage, finding small moments for genuine relaxation is not just a simple luxury but a true necessity. In this complex digital age, where screens dictate all of our time and attention, the therapeutic power of relaxing massage therapy emerges as a healthy escape, a reminder to unplug from our devices, and provides...

Why Purpose-Driven Employee Engagement is Mission Critical for Hospitality Brands

By Maliha Aqeel, Founder & CEO, The Ideas Collective Inc.

Studies show that most employees prefer to work for brands that align with their values and have a purpose that goes beyond profit. Employees who work for brands that position themselves as socially responsible and purposeful are 12 times more likely to recommend their organization as a great place to work. In industries where direct interactions with employees heavily influence customer experience, an engaged workforce can be a competitive differentiator. The hospitality industry thrives on people, and employees are at the core of every customer experience. From front-desk staff and concierge teams to chefs and housekeeping personnel, employees deliver...

Tech Trends: What's Next for Hospitality Workforce Management?

By Corey McCarthy, CMO, Unifocus

The hospitality industry is undergoing a tech-driven transformation that is reshaping hotel operations, workforce management, and guest experiences. As we approach 2025, leveraging the latest technological advancements isn’t just about staying current—it’s about connecting staff, operations, and ultimately the guest experience. Using tech to connect hotel operations with guest and staff experiences enhances operational efficiency, boosts employee satisfaction, and drives significant ROI, positioning hoteliers as market leaders. According to a report by McKinsey, hotels that invest in technology are better positioned to respond to market challenges like soaring labor costs and evolving guest needs, leading to increased revenue and competitive...

HOTEL BUSINESS REVIEW DECEMBER FOCUS: Hotel Law

Cybersecurity Checklist : 12 Security Risks Hotels Must Address

By Mark Melodia Partner - Data Strategy, Security & Privacy, Holland & Knight | December 2019

Terms & Conditions

Receive our Newsletter

HOTEL BUSINESS REVIEW
DECEMBER FOCUS: Hotel Law